Microsoft has another problem, this time with Internet Explorer. It seems IE is just a little *too* good at URL encoding. It allows anyone to make a website appear legitimate. The address bar and status bar all look like it's going to a legitimate site, but it's NOT. I have created a simple demo in 5 minutes: <BR>http://www.netdocuments.ca/kolt/index.htm <BR>hover over the link. Look at the status bar. Click the link. Look at the address bar. <BR>This is serious, not only because of the infamous email scam that tries to get you to "login" to "paypal" or "****" using your username/password, but because Microsoft is refusing to release a December "roll-up" patch for it. It only works in Internet Explorer. Not sure of version numbers. <BR>BEWARE!!!